CVEs with nessus.description ==

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. (CVE-2014-9715, Moderate)

* A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel (ring0) level, bypassing intended restrictions in place. (CVE-2015-2666, Moderate)

* It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636, Moderate)

* It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. (CVE-2015-2922, Low)

Red Hat would like to thank Nathan Hoad for reporting the CVE-2014-9715 issue.

This update also fixes several bugs. Refer to the following Knowledgebase article for further information:

https://access.redhat.com/articles/1474193

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect

Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |